While Windows installed with Terminal Server role it does work without License for 120 Days on trail license, where within 120 days if the License server is not Connected the server will stop accepting connection with below error and event ID

EventID: 1128
Source: TerminalServices-RemoteConnectionManager

The RD Licensing grace period has expired and the service has not registered with a license server with installed licenses. A RD Licensing server is required for continuous operation. A Remote Desktop Session Host server can operate without a license server for 120 days after initial start up.

The official solution is to Activate the RDS/TS CAL License server and point the Server to License server with User/Device License and will be resolve the problem

But if you want to reset the timer and again avail 120 days grace time here is the solution

The solution was to delete the REG_BINARY inHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod
Only leaving the default.

Note: you must take ownership and give admin users full control to be able to delete this key.

After a reboot the server should be working again for another 120 Days

Gefällt mir:

Watchguard System Manager unter Linux benutzen

If you are a WCSP and work with Linux for network administration, perhaps this little how-to is for you.
Scritto da Sebastian Zdrojewski, pubblicato il 26/01/2014 08:00

Did you notice anything particular about the above screenshot? It is a remote session on a Customer’s Watchguard Management Server, but running from a Linux shell instead of a Windows OS. I switched back to Linux some time ago, and I’m trying to get rid of Windows for my day by day activities. Administering a Watchguard device was one of those activities I was still relying on Windows for.

I have started again playing with Wine for a couple of Windows based tools I needed to run, and thought: why not trying WSM on it too?

Well at first I had a couple of issues with launching WSM, and since Nov. 19th I was able to run the Policy Manager freely from my Linux box (either Fedora and CentOS distros). Today I digged a bit deeper into it and made run everything: both WSM 11.7 and WSM 11.8 suites now runs completely on my computers (did not try the Setup Wizard because I mostly don’t use it).

There’s a trick about running WSM which otherwise will throw an exception related to the SNMP driver. All you have to do is get a wsnmp32.dll file from an existing XP or Windows 7 box, and copy it into the wine’s system32 directory. Once you done that you need to define a DLL Override in Wine and stating that mentioned dll has to be a „Native (Windows)“ library.

Done that, you should be able to run all the Watchguard management tools on your linux box, which added to the support of OpenVPN for SSL VPN connections turns your linux box into a fully working management station for your hosts.

If you are a network administrator running on Linux for all the most easy to guess reasons, having your most precious firewall management tool handy without the need of virtual machines or multiple devices can be a great game changer.

I hope you may find useful this 🙂

Disclaimer

Albeit working smoothly and being really stable on my installations, if you plan to work with WSM on Linux you should be very familiar with troubleshooting and using this OS. Linux is not supported by Watchguard as an OS running WSM, as you can read on the release notes of the mentioned software.

In TurnKey 11, instead of installing the root filesystem directly to a fixed size partition, we setup LVM by default, and install the root filesystem to a Logical Volume, which may later be expanded, even across multiple physical devices.

Unfortunately, as with anything powerful, to get the most out of LVM you first have to negotiate a learning curve. From the feedback we’ve been getting it seems that confusion regarding LVM is common with new users, so here’s a quick „crash course“…

We can only extend a Logical Volume within the free space of the underlyingVolume Group. How much free space we currently have within the Volume Group can be seen in this part of the output:

Free PE / Size 165 / 660.00 MiB

In the above example we only have 660 MB to allocate to LVMs within theturnkeyVolume Group. So if we want to extend the root LV we’ll have to first extend the VG backs it up.

Volume Groups group together Physical Volumes. That’s why they’re called Volume Groups. This command will show us which Physical Volumes have been registered into LVM, and to which volume groups they have been assigned:

In this example we only have one Physical Volume (the /dev/sda2 partition) in theturnkeyVolume Group.

Extending a Logical Volume

Bottom line: if the underlying Volume Group doesn’t have enough free space, to extend the Logical Volume you’ll first have to extend the underlying Volume Groupby adding another Physical Volume to it.

In VMWare you could either create a new virtual hard disk device to add to the volume group, or extend an existing virtual hard disk device, create a new partition with cfdisk, and add the new partition to the Volume Group:

Overview

Having a Lenovo Yoga 2 13″ (non-pro) running Ubuntu 14.04.1, I couldn’t get Wireless LAN up and running, as the WLAN NIC appeared to be “hardware locked”. This is the summary of how I solved this issue. If you’re not interested in the gory details, you may jump right to bottom, where I offer a replacement module that fixes it. At least for me.

The problem

Laptops have a mechanism for working in “flight mode” which means turning off any device that could emit RF power, so that the airplane can crash for whatever different reason. Apparently, some laptops have a physical on-off switch to request this, but on Lenovo Yoga 13, the arrangement is to press a button on the keyboard with an airplane drawn on it. The one shared with F7.

It seems to be, that on Lenovo Yoga 13, the ACPI interface, which is responsible for reporting the Wifi’s buttons state, always reports that it’s in flight mode. So Linux turns off Wifi, and on the desktop’s Gnome network applet it says “Wi-Fi is disabled by hardware switch”.

In the dmesg log one can tell the problem with a line like

iwlwifi 0000:01:00.0: RF_KILL bit toggled to disable radio.

which is issued by the interrupt request handler defined in drivers/net/wireless/iwlwifi/pcie/rx.c, which responds to an interrupt from the device that informs the host that the hardware RF kill bit is set. So the iwlwifi module is not to blame here — it just responds to a request from the ACPI subsystem.

rfkill

The management of RF-related devices is handled by the rfkill subsystem. On my laptop, before solving the problem, a typical output went

So there are different entities that can be controlled with rfkill, enumerated and assigned soft and hard blocks. Each of these relate to a directory in /sys/class/rfkill/. For example, the last device, “phy7″ enumerated as 7 corresponds to /sys/class/rfkill/rfkill7, where the “hard” and “soft” pseudo-files signify the status with “0″ or “1″ values.

The soft block can be changed by “rfkill unblock 0″ or “rfkill unblock 7″, but this doesn’t really help with the hardware block. Both has to be “off” to use the device.

As can be seen easily from the rkfill list above, each of the physical devices are registered twice as rfkill devices: Once by their driver, and a second time by the ideapad_laptop driver. This will be used in the solution below.

The ideapad_laptop module

The ideapad-laptop module is responsible for talking with the ACPI layer on machines that match “VPC2004″ as a platform (as in /sys/devices/platform/VPC2004:00, or /sys/bus/acpi/devices/VPC2004:00, but doesn’t fit anything found in /sys/class/dmi/id/).

Blacklisting this module has been suggested for Yoga laptops all over the web. In particularthis post suggests to insmod the module once with a hack that forces the Wifi on, and then blacklist it.

But by blacklisting ideapad-laptop, the computer loses some precious functionality, including disabling Wifi and the touchpad by pressing a button. So this is not an appealing solution.

So the Radio and Wifi statuses, which are read from the ACPI registers, are off. This makes the ideapad_laptop module conclude that everything should go off.

The solution

In essence, the solution for the problem is to take the ideapad_laptop’s hands off the Wifi hardware, except for turning the hardware block off when it’s loaded. It consists of making the following changes in drivers/platform/x86/ideapad-laptop.c:

First, remove the driver’s rfkill registration. Somewhere at the beginning of the file, change

#define IDEAPAD_RFKILL_DEV_NUM (3)

to

#define IDEAPAD_RFKILL_DEV_NUM (2)

and in the definition of ideapad_rfk_data[], remove the line saying

{ "ideapad_wlan", CFG_WIFI_BIT, VPCCMD_W_WIFI, RFKILL_TYPE_WLAN }

This prevents the driver from presenting an rfkill interface, so it keeps its hands off.

There is however a chance that the relevant bit in the ACPI layer already has the hardware block on. So let’s turn it off every time the driver loads. In ideapad_acpi_add(), after the call to ideapad_sync_rfk_state(), more or less, add the following two lines:

And finally, solve a rather bizarre phenomenon, that when reading for the RF state with a VPCCMD_R_RF command, the Wifi interface is hardware blocked for some reason. Note that radio is always in off mode, so it’s a meaningless register on Yoga 2. This is handled in two places. First, empty ideapad_sync_rfk_state() completely, by turning it into

static void ideapad_sync_rfk_state(struct ideapad_private *priv)
{
}

This function reads VPCCMD_R_RF and calls rfkill_set_hw_state() accordingly, but on Yoga 2 it will always block everything, so what’s the point?
Next, in debugfs_status_show() which prints out /sys/kernel/debug/ideapad/status, remove the following three lines:

Having these changes made, the Wifi works properly, regardless of it was previously reported hardware blocked.

This can’t be submitted as a patch to the kernel, because presumably some laptops need the rfkill interface for Wifi through ideapad_laptop (or else, why was it put there in the first place?).

Also, maybe I should have done this for Bluetooth too? Don’t know. I don’t use Bluetooth right now, and the desktop applet seems to say all is fine with it anyhow.

Download the driver fix

For the lazy ones, I’ve prepared a little kit for compiling the relevant driver. I’ve taken the driver as it appears in kernel 3.16, more or less, and applied the changes above. And I then added a Makefile to make it compile easily. Since the kernel API changes rather rapidly, this will probably work well for kernels around 3.16 (that includes 3.13), and then you’ll have to apply the changes manually. If it isn’t fixed in the kernel itself by then.

Download it from here, untar it, change directory, and compile it with typing “make”. This works only if you have the kernel headers and gcc compiler installed, which is usually the case in recent distributions. So a session like this is expected:

We did this deliberately to enforce a Microsoft standard that our guys agree with – don’t install software on a DC, but they made that decision in isolation. Nothing more than that. So use the workaround safely and hopefully we can undo this in the future.

Since Windows 2008 the “oldschool” and well known 2003 terminal services are extended on rich web services which provides now great new capabilities in designing and deploying built in terminal server services based on HTTP/HTTPS. in combination with RD Gateway the applications can also be securely published to WWW and session host server be isolated in non public facing network segments. all terminal services are now called Remote Desktop services shortly RD.

To enable RD (Remote Desktop) services there are generally 2 ways, “Quickstart” and “Standard Deployment”. Also there 2 types of RD services available, Session Virtualization or VDI (Virtual Desktop Infrastructure). In this blog article I focus and deploy RDS for session virtualization which means hosting and publishing of terminal server applications.

Quickstart is straight forward and deploys you quickly the required services and configure an standard pool of applications mainly can be used for setting up a…